I need to apply a filter to deny ftp and http over Ipsec Tunnel.

Can you show me correct configuration because my config doesn't work.

Thanks

access-list acl_out permit icmp any any

access-list 100 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list 110 deny tcp 192.168.2.0 255.255.255.0 192.168.1.0 eq ftp-data

access-list 110 deny tcp 192.168.2.0 255.255.255.0 192.168.1.0 eq ftp

access-list 110 deny tcp 192.168.2.0 255.255.255.0 192.168.1.0 eq www

access-list 110 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

ip address inside 192.168.2.254 255.255.255.0

nat (inside) 0 access-list 100

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map toCastel 10 ipsec-isakmp

crypto map toCastel 10 match address 110

crypto map toCastel 10 set peer x.x.x.202

crypto map toCastel 10 set transform-set myset

crypto map toCastel interface outside

isakmp enable outside

isakmp key npsgeo address x.x.x.202 netmask 255.255.255.255

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 1000